PenTest/nmap
1
0
Fork 0
mirror of https://github.com/nmap/nmap.git synced 2026-01-08 07:29:03 +00:00
Code Issues Projects Releases Wiki Activity

Fix NSE hangs when service sends non-matching data to receive_buf

Browse Source
This commit is contained in:
dmiller
2017-03-29 20:41:59 +00:00
parent 85e10c6b2b
commit 3dec043ead
26 changed files with 92 additions and 39 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
scripts/openvas-otp-brute.nse
View File

@@ -1,5 +1,6 @@
local brute = require "brute"
local creds = require "creds"
local match = require "match"
local nmap = require "nmap"
local shortport = require "shortport"
local stdnse = require "stdnse"
@@ -59,7 +60,7 @@ Driver =
end
local response
status, response = self.socket:receive_buf("\r?\n", false)
status, response = self.socket:receive_buf(match.pattern_limit("\r?\n", 2048), false)
if ( not(status) or response ~= "< OTP/1.0 >" ) then
local err = brute.Error:new( "Bad handshake from server: "..response )
err:setAbort(true)
@@ -82,7 +83,7 @@ Driver =
-- Create a buffer and receive the first line
local line
status, line = self.socket:receive_buf("\r?\n", false)
status, line = self.socket:receive_buf(match.pattern_limit("\r?\n", 2048), false)
if (line == nil or string.match(line,"Bad login")) then
stdnse.debug2("Bad login: %s/%s", username, password)